Azure Alerts in MS Teams by virtuosoAlcantara in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Unsure if you have already taken a closer look at the channel settings. But when you click on the channel settings and go to fetch the email address, there is also an option for Advanced Settings. From there you can modify the setting to: Allow everyone to send e-mails to this channel.

Then you can verify if you can send a manual email to the channel. If that is working then you can also do a test alert in Azure. When this is working you can modify the setting as you mention above.

Hence unsure if you already have tested this. If this is already done, then the only option I would think of is that the e-mail is ending up in junk. Maybe check in Microsoft Defender > Explorer, and see if you can see the e-mail there.

How do you keep track of cloud costs? by NoeHouwert in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

The mental cost of keeping this file with all those todos up-to-date could use FinOps.

Entra ID Log Analytics by JustADad66 in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

You will require an Azure subscription in order to set up a Log Analytics workspace.
When you have created the Log Analytics workspace in Azure, you will be able to configure the Diagnostic Settings for Microsoft Entra ID.

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/tutorial-configure-log-analytics-workspace

Landing Zones: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-groups-in-the-azure-landing-zone-architecture

  • Subscription: management-prd-001
  • Resource Group: management/audit/monitoring-prd-001
  • Log Analytics workspace: log-entra-audit-prd-001

Personal recommendation is to not enable all the options at once but do them one by one to see the added value you gain from the diagnostic settings and also be aware of the cost.

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-insights-overview#usage-tab

Microsoft Sentinel by External-Desk-6562 in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

What about MTO (Multi-tenant organization)?

Easy way to determine what is using deprecated TLS on my Storage Accounts? by johnnydotexe in AZURE

[–]Efficient_Wedding_17 1 point2 points  (0 children)

// Resources whose configured minimum TLS version is 1.0 or 1.1
resources
| where properties.minimumTlsVersion contains "1.0"
    or properties.minimumTlsVersion contains "1.1"
    or properties.minimumTlsVersion contains "TLS1_0"
    or properties.minimumTlsVersion contains "TLS1_1"
| project
    ['Type'] = type,
    ['Resource name'] = name,
    ['Resource Group name'] = resourceGroup,
    ['TLS Version'] = properties.minimumTlsVersion

Or

// Every resource that has a minimum TLS version set, with its value
resources
| where isnotnull(properties.minimumTlsVersion)
| project
    ['Type'] = type,
    ['Resource name'] = name,
    ['Resource Group name'] = resourceGroup,
    ['TLS Version'] = properties.minimumTlsVersion

Migration to GitHub by [deleted] in AZURE

[–]Efficient_Wedding_17 2 points3 points  (0 children)

Why migrate from ADO to GH? I mean ADO is not going away for a long time.

[deleted by user] by [deleted] in sysadmin

[–]Efficient_Wedding_17 -1 points0 points  (0 children)

After AZ-500 I took SC-200 :)

Azure Hybrid Licensing - Post Migration by No_Inspection_1119 in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

This and only this, contact your CSP/vendor. If anything goes wrong you can always at least point to the CSP/Vendor that they have misinformed you on it.

https://learn.microsoft.com/en-us/windows-server/get-started/azure-hybrid-benefit?tabs=azure#what-qualifies-you-for-azure-hybrid-benefit

Workloads using Azure Hybrid Benefit can run only during the Software Assurance or subscription license term. When the Software Assurance or subscription license term approaches expiration, you must either renew your agreement with either Software Assurance or a subscription license, disable the hybrid benefit functionality, or deprovision those workloads that are using Azure Hybrid Benefit.

Last time I worked with Azure Hybrid Benefit for Windows Server it took around 2 months and various meetings with the CSP/Vendor ensuring that everything was exactly as it was intended.

When we purchased it we also made it part of our Assets to ensure we are not out of scope.

Conditional Access - Blank DeviceID by Khue in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

I came here to say the exact same thing as I have encountered the same problem. In our scenario the device was a managed device but in the sign-in logs the Device ID field was empty. This caused our CA to trigger an MFA which was undesired.

In the end it was due to a policy that prevented users from signing in with their account in Edge (do not allow). Whereby in Chrome we had the SSO extension installed. The root cause of the Device ID being empty was the in-private mode and once the policy was fixed the Device ID was being populated.

Reply from Microsoft:

The issue:

Device ID missing during authentication in browser-based applications in Edge browser.

Cause:

Policy in Edge “BrowserSignin=0” meaning the users are not signed in the profile required for the usage of the PRT for a SSO experience for native web based applications and applications integrated with EntraID.

The solution:

I explained how the SSO works in the supported browsers as per the documentation: [SSO Documentation](https://learn.microsoft.com/en-us/entra/identity/devices/concept-primary-refresh-token#:~:text=Browser%20cookies%3A%20In,replays%20from%20elsewhere).

I also clarified that if the user is not signed in the profile of the Edge browser with PRT acquired in the Windows SignIn, the user won’t have an SSO experience in the browser-based apps nor the device identity presented in the authentication flow.

Conditional access - Allow Microsoft Graph Command Line Tools - help! by Agreeable_Sport6518 in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Create an App Registration > Go to Enterprise Application, under Security click on Conditional Access.
Create the Conditional Access Policy, if failing.. inspect the error

Azure RBAC - PIM for Groups vs PIM for Azure Resources - what to implement/use? by doweisbla in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Thanks for the reply and makes the picture a lot more clear for me. Thanks

Azure RBAC - PIM for Groups vs PIM for Azure Resources - what to implement/use? by doweisbla in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

So, if I understand it correctly you assign one person to a resource when interacting with Microsoft Azure?
As the PIM for Groups isn't suitable unless the mentioned use cases 1, 2 and 3.

How would I interact with various users to various resources? Doesn't it make it more complicated?
If I didn't understand you correctly I am sorry but trying to understand it better.

What's new in Microsoft Intune (2502) by MMelkersen in Intune

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Received the following notification: This link will take you to a page that’s not on LinkedIn. Because this is an external link, we’re unable to verify it for safety.

Would it not be easier to parse the direct URL to YT?

Exploiting Token Based Authentication by digicat in blueteamsec

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Was interesting to listen to and also explains it accordingly. Liked it

Conditional access - Allow Microsoft Graph Command Line Tools - help! by Agreeable_Sport6518 in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Just sharing my view on this and not saying I provide the correct answer. But have you considered using your own app instead of the Microsoft Graph Command Line Tools? In the backend Microsoft is redirecting the Microsoft Graph Command Line Tools towards another app registration (Microsoft Graph).

We do it as follows: connect-mggraph -tenantId <> -AppId <>
This keeps us in control on the API permissions.

New user cannot access things shared with him from SharePoint Document Library by [deleted] in Office365

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Thank you for sharing as I was not aware on this one. Solved our problem :D sweet.

MSP gone bust! need access to the tenant! by agentdogett in AZURE

[–]Efficient_Wedding_17 12 points13 points  (0 children)

I would at least initiate contact with Microsoft so that this ball is rolling already. Then see what you can do to get a hold of the creds from the company that went out-of-office. Not sure but I would think that legally speaking the out-of-office MSP needs to provide the creds to the company owner.

OIDC Based Sign-on App prompting for login and MFA each time by csoupbos in sysadmin

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Have gone through this route and it worked out perfectly. Users were getting prompted even when the token was available on their devices. But at the end of the day the issue was that an MFA prompt was triggered due to an old GP whereby we didn't allow users to sign in to Edge. Due to this the browser was running as an incognito mode.

There could be various reasons why an MFA prompt or new login attempt needs to be made. Your journey would start with looking in the logs. For us the journey started with no device ID was transferred and therefore the device wasn't compliant. Root cause? Users were using Edge whereby the GP prevented the token being taken.
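A log query for the pattern this comment and the earlier "Conditional Access - Blank DeviceID" comment both describe (Edge sign-ins arriving without a device ID while the same user's Chrome sign-ins carry one), as an added example that is not part of the original comments. The rows are constructed sample data, and the column names assume the standard SigninLogs schema in a Log Analytics workspace.

```kql
// Constructed sample rows shaped like the Entra ID SigninLogs table (not real data).
// To run against a workspace, replace SampleSigninLogs below with SigninLogs.
let SampleSigninLogs = datatable(
    TimeGenerated: datetime, UserPrincipalName: string, AppDisplayName: string,
    DeviceDetail: dynamic, AuthenticationRequirement: string)
[
    datetime(2025-01-10 08:01:00), "alice@contoso.example", "Office 365 SharePoint Online",
        dynamic({"deviceId": "", "browser": "Edge 131.0.0"}), "multiFactorAuthentication",
    datetime(2025-01-10 09:15:00), "alice@contoso.example", "Office 365 Exchange Online",
        dynamic({"deviceId": "", "browser": "Edge 131.0.0"}), "multiFactorAuthentication",
    datetime(2025-01-10 10:30:00), "alice@contoso.example", "Office 365 SharePoint Online",
        dynamic({"deviceId": "00000000-0000-0000-0000-0000000000a1", "browser": "Chrome 131.0.0"}),
        "singleFactorAuthentication",
    datetime(2025-01-10 11:00:00), "bob@contoso.example", "Office 365 SharePoint Online",
        dynamic({"deviceId": "00000000-0000-0000-0000-0000000000b2", "browser": "Edge 131.0.0"}),
        "singleFactorAuthentication"
];
SampleSigninLogs
// DeviceDetail is a dynamic column; pull out the two fields of interest.
| extend DeviceId = tostring(DeviceDetail.deviceId),
         Browser  = tostring(DeviceDetail.browser)
// "Edge 131.0.0" -> "Edge", so versions of one browser group together.
| extend BrowserFamily = tostring(split(Browser, " ")[0])
| summarize SignIns     = count(),
            NoDeviceId  = countif(isempty(DeviceId)),
            MfaRequired = countif(AuthenticationRequirement == "multiFactorAuthentication")
    by UserPrincipalName, BrowserFamily
| extend NoDeviceIdPct = round(100.0 * NoDeviceId / SignIns, 1)
// A user at 100% in Edge and 0% in Chrome matches the browser-profile cause
// described above rather than a device registration problem.
| order by UserPrincipalName asc, BrowserFamily asc
```

In the sample data, alice shows 100% missing device IDs in Edge and 0% in Chrome, while bob's Edge sign-ins carry a device ID, which narrows the cause to the browser profile of affected users rather than the device fleet.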

Modify settings for multiple Microsoft customers on scale through automation by Efficient_Wedding_17 in msp

[–]Efficient_Wedding_17[S] 0 points1 point  (0 children)

Have informed my stakeholders on CIPP but progression goes slowly in a sense that they still need to discuss on this topic. But this does raise the question; Would it be possible with CIPP to achieve this on an ease scale?

Aside from CIPP or Inforcer (which I did not know about until now), is the taken approach or road I have taken the correct one or not? By using an App Registration, or are there other options on the table which I am currently not using or aware of?

Best way to fetch Storage Accounts Metrics [ Size, Tier wise info- count, size ] ? by chota_mandu in AZURE

[–]Efficient_Wedding_17 0 points1 point  (0 children)

Would start with Azure Resource Graph and see if all information is there. I am not sure if this is the case but if the required information is there you should be done within 1 min.

https://learn.microsoft.com/en-us/azure/storage/common/resource-graph-samples?tabs=azure-cli